Facebook: Remember how we promised we weren’t tracking your location? Psych! Can't believe you fell for that

Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”. The blog post says: “On iOS devices, you currently have three options to share your precise location with an app: always, only when the app is in use or never. If you decide to update to iOS 13, you will see an additional option called ‘allow once,’ which lets an app access your device’s precise location information only once.

Brain-scanning in Chinese factories probably doesn’t work — if it’s happening at all

In experiments, researchers have their subjects blink and do small movements so they can teach the device not to count those signals as brain signals. Plus, while medical EEG uses “wet” sensors applied with a gel, a device like the Chinese hat is dry, and dry sensors are more likely to pick up noise.

Concerns About Light Phone II

The Light Phone, Inc. has announced pre-orders for the Light Phone II, a device with a monochrome e-ink display and no camera, designed to reduce phone distraction. That sounds great, but at $350 per device and $3.5 million in the bank, one might expect a more robust website to address issues of security, data privacy, and functionality. Last week, we emailed The Light Phone, Inc. to ask how they intend to protect device owners.

You Know That Mobile Phone Tracking Data You Used As Evidence In Over 10,000 Court Cases? Turns Out Some Of It Was Wrong, But We're Not Sure Which Yet

As many have pointed out, our mobile phones are the perfect surveillance device. Put this together with the fact that mobile phones have to connect to a nearby transmitter in order to work, and you end up with a pretty good idea of where the person using the device is throughout the day.

Google says hackers have put ‘monitoring implants’ in iPhones for years

Their location was uploaded every minute; their device’s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. However, according to Ian Beer, a security researcher at Google: “Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.” Beer is a member of Project Zero, a team of white-hat hackers inside Google who work to find security vulnerabilities in popular tech, no matter who it is produced by.

Malicious websites were used to secretly hack into iPhones for years, says Google

“Simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant,” said Ian Beer, a security researcher at Project Zero. The five separate attack chains allowed an attacker to gain “root” access to the device — the highest level of access and privilege on an iPhone. In doing so, an attacker could gain access to the device’s full range of features normally off-limits to the user.

Google Android Adware Warning Issued To 8 Million Play Store Users

Adware is malware that hides on your device and serves you unwanted advertisements. Meanwhile, in order to display unwanted advertisements, the app registers a broadcast receiver to check if the user has unlocked the device. The researchers point out that the latest Samsung Android devices have a feature that restricts the creation of shortcuts on the home screen, which can help users uninstall it.

State-sponsored cyber spies targeting IoT - a warning from Microsoft

Cyber spies are breaking into large enterprises through IoT devices that IT departments may not know exist on the network. Keeping track of the deluge of IoT devices being connected to enterprise networks and making sure they are updated and protected is not the most exciting job in IT. But, it is fast becoming one of the most important because, as Microsoft notes, the number of deployed IoT devices already outnumbers the population of personal computers and mobile phones, combined, and is growing exponentially daily.

How to disable OK Google and Google Assistant on Android devices

Many Android devices come with Google applications and services, even if the device is not a device created by Google itself but by another company. Google Assistant is available as a standalone application as well which Android users may install to integrate it on their device. Two of the features that you may find on your Android device are OK Google and Google Assistant. If OK Google or Google Assistant are active on your Android device but you are not using these tools, you may want to consider disabling those.

And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device. Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices.

But many of these apps, said Hastings, send user or device data to third-party data analytics companies — often to monetize your information — without your explicit consent, instead burying the details in their privacy policies. He also found Truecaller and Hiya uploaded device data — device type, model and software version, among other things — before a user could accept their privacy policies. Hiya conceded that it sends some device data to third-party services when opening the app but claims it doesn’t collect personal information.

Juul's app-connected e-cigarette keeps tabs on your vaping

It also has connectivity features like a locator to find your vape if you lose it and a device lock to prevent anyone other than you from using your device. The C1 app uses facial recognition and a two-step background check to verify a user's age, preventing teenagers from using the device.

Harpooned by Facebook

As smart devices become an ever-larger part of our lives, we look at how Facebook and other companies gather information about their users and turn it into profits. Finally, Reveal’s Ike Sriskandarajah looks at the biggest smart device most of us own, the television, and how one TV maker was using it to secretly gather marketing data on its customers and sell it to advertisers.

5G Is Here—and Still Vulnerable to Stingray Surveillance

At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Once they trick a device into connecting to it, a stingray uses the IMSI or other identifiers to track the device, and even listen in on phone calls. "The idea is that in 5G, stealing IMSI and IMEI device identification numbers will not be possible anymore for identifying and tracking attacks.

What a No-Carrier Phone Could Look Like

Netflix paved the way for OTT in media when it moved from DVD to streaming (the “Net” part of their name) and offered television and movie-content to any internet connected device. Over-The-Top means you would have a fully-functioning phone–and a phone number–portable to whatever internet connection you desire; be that a cellular carrier, a prepaid SIM card, a coffee-shop WiFi, tethered to a friend’s device, USB hotspot or whatever other fun thing you’d like to try (BlueTooth mesh network, anyone?).

Apple’s AirDrop and password sharing features can leak iPhone numbers

with 27 posters participating Apple makes it easy for people to locate lost iPhones , , and use AirDrop to send files to other nearby devices. Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it’s running, and information about the battery. The exposure may be creepier in public places, such as a subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on.

Facebook funds AI mind-reading experiment

Image copyright UCSF Image caption Eddie Chang (right) and David Moses hope the work will help those with speech loss Facebook has announced a breakthrough in its plan to create a device that allows people to type just by thinking. Facebook hopes it will pave the way for a "fully non-invasive, wearable device" that can process 100 words per minute. "And by demonstrating a proof-of-concept using implanted electrodes as part of their effort to help patients with speech loss, we hope UCSF's work will inform our development of the decoding algorithms and technical specifications needed for a fully non-invasive, wearable device.

Everything Cops Say About Amazon's Ring Is Scripted or Approved by Ring

However, the footage can only be obtained with the permission of the device’s owner, who must also be a user of the company’s “neighborhood watch app,” called Neighbors. Emails show that Ring was interested in keeping the public’s attention focused on a separate subsidy deal it struck with the city designed, according to the city’s press release, to “incentivize the purchase of Ring Video Doorbells and Ring security devices.” (Two hundred residents were slated to receive $100 discounts on Ring doorbell cameras.)

Amazon Alexa Accused Again Of Spying: Here Is Another Solution

I recently learned about a new voice assistant device that is worth exploring here, but first a short overview on the latest Amazon Echo and Alexa news. Various, perhaps I should say numerous, privacy groups have argued that stronger laws are needed to protect people from these always-on devices. A United Kingdom-based report this week stated that some, ahem, intimate sounds in the bedroom, would trigger the device to start listening.

The Neuroscientist Who's Building a Better Memory for Humans

In an epidsode of the dystopian near-future series, Black Mirror, a small, implantable device behind the ear grants the ability to remember, access, and replay every moment of your life in perfect detail, like a movie right before your eyes. The device, surgically implanted directly into the brain, mimics the function of a structure called the hippocampus by electrically stimulating the brain in a particular way to form memories—at least in rats and monkeys.

Google to Capture & Learn Our Emotions on a Smartphone Camera?

Since then, I’ve been keeping an eye out for patent filings from Google that used a smartphone camera to look at the expression of a user of that device in order to try to understand the emotions of that person better. The summary background for this new patented approach is one of the shortest I have seen, telling us: “Some computing devices (e.g., mobile phones, tablet computers, etc.) A computing device is described that includes a camera configured to capture an image of a user of the computing device, a memory configured to store the image of the user, at least one processor, and at least one module.

The Encryption Debate Is Over - Dead At The Hands Of Facebook

The reality, of course, is that the security of that encryption link is entirely separate from the security of the devices it connects. The ability of encryption to shield a user’s communications rests upon the assumption that the sender and recipient’s devices are themselves secure, with the encrypted channel the only weak point. After all, if either user’s device is compromised, unbreakable encryption is of little relevance.

Don’t Put Your Work Email on Your Personal Phone

Mobile Device Management potentially gives your company the ability to spy on your location, your web browsing, and more. When you add a work email address to your phone, you’ll likely be asked to install something called a Mobile Device Management (MDM) profile. MDM is set up by your company’s IT department to reach inside your phone in the background, allowing them to ensure your device is secure, know where it is, and remotely erase your data if the phone is stolen.

Apple bleee. Everyone knows What Happens on Your iPhone

If Bluetooth is ON on your Apple device everyone nearby can understand current status of your device, get info about battery, device name, Wi-Fi status, buffer availability, OS version and even get your mobile phone number. Apple devices are appreciated for the ecosystem that connects them all. It really is very convenient to start using an app on one device and continue on another. If you want to share a photo with a friend of yours, how does your iPhone know that it’s actually their device nearby?

How to test if your Bluetooth devices support BLE Privacy

Legacy Bluetooth devices and devices that don’t implement privacy-protections broadcast a persistent identifier that is unique to the device, usually several times per minute. Bluetooth devices, like Wi-Fi devices, support a privacy-enhancing technique that periodically randomizes the broadcasted address, which makes it harder to track them as their owners move about in the world. Paired devices, like your phone or laptop, can still resolve the device’s real address, enabling them to communicate properly.

Google wants to buy your face in return for a $5 gift card

It's been suggested that those taking part are being handed a Pixel 4 device prototype to collect the information - it's expected that the Pixel 4 will be the first device to offer Google's face unlocking.

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users decide what apps can access.

More information about our processes to safeguard speech data

The Google Assistant only sends audio to Google after your device detects that you’re interacting with the Assistant—for example, by saying “Hey Google” or by physically triggering the Google Assistant. A clear indicator (such as the flashing dots on top of a Google Home or an on-screen indicator on your Android device) will activate any time the device is communicating with Google in order to fulfill your request.

Now, a separate team of cybersecurity researchers has successfully demonstrated a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission. Dubbed Spearphone, the newly demonstrated attack takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions.